This could get a bit long winded - I'll reply to you personally
and maybe you can post a summary back on the list if it's useful.
Steve
>
> this looks very useful. Does this mean you *are* using the
> padl modules
> (pam and nss) or the native solaris ones?
>
> > Had problems with the openldap/padl stack on Solaris when trying to
> > get the sasl/gssapi part working. Works OK for simple/auth.
>
> I only want to get tls:simple working for regular authentication which
> seems to be what you have setup - maybe I'll try sasl once
> I'm over this
> hurdle!
>
> > I run tls encryption from sol8 and sol9 native clients to openldap
> > server. By installing the ldap2 back-port (patch 108993-nn) on sol8
> > you get the sol9 ldap client functionality, which is easier to use
> > than the sol8.
>
> this is good to know. Do you verify the server certificate
> against a CA
> cert?
>
> > I'm using simple auth (as you are probably already doing on the sol8
> > client?). Here's an example below of a usable ldap2 (sol9)
> > ldap_client_file,
> > in which the mappings may not match the objectclasses and attributes
> > you are using at your sol9 openldap server, but I'm sure
> you'll get the
> > gist.
> >
> > btw, I never use the solaris profiles, which seem to get in
> the way of
> > configuring clients rather than helping, but maybe I've not
> worked out
> > how to use them properly.
>
> so this file was generated with 'ldapclient manual' ? there don't seem
> to be entries for proxydn and proxypassword... have these just been
> snipped?
>
> > Let me know if you need details on getting the tls part working.
>
> its the main thing holding me up at the moment!
>
> GREG
>
> > Steve
>
> <---stuff snipped--->
>
> --
> Greg Matthews
> iTSS Wallingford 01491 692445
>
**********************************************************************
This is a commercial communication from Commerzbank AG.
This communication is confidential and is intended only for the person to
whom it is addressed. If you are not that person you are not permitted to
make use of the information and you are requested to notify
<mailto:LONIB.Postmaster@commerzbankib.com> immediately that you have
received it and then destroy the copy in your possession.
Commerzbank AG may monitor outgoing and incoming e-mails. By replying to
this e-mail you consent to such monitoring. This e-mail message and any
attached files have been scanned for the presence of computer viruses.
However, you are advised that you open attachments at your own risk.
This email was sent either by Commerzbank AG, London Branch, or by
Commerzbank Securities, a division of Commerzbank. Commerzbank AG is a
limited liability company incorporated in the Federal Republic of Germany.
Registered Company Number in England BR001025. Our registered address in
the UK is 23 Austin Friars, London, EC2P 2JD. We are regulated by the
Financial Services Authority for the conduct of investment business in the
UK and we appear on the FSA register under number 124920.
**********************************************************************